How to find source of tls 1.0, 1.1 traffic

We are killing off tls 1.0 and 1.1 on legacy sites and I want to know if there is a way to find the source ip of tls 1.0 or 1.1 traffic in the UI without having to use the GraphQL analytics API.

Trying to find graphql query that would give me that info…Do you have that?

Only thing I found is with logpus / logpull, but you need a destination…
Client to Cloudflare handshake: ClientSSLProtocol
Cloudflare to Origin handshake : OriginSSLProtocol